Recenlty I delivered a paper to a group of Directors of IT from tertiary education institutions (in Australia). There were two distinct groups of organisations represented; Large Universities and smaller Colleges (Called Technical and Further Eduaction - TAFE - here).

During the panel discussion afterwards a polarization emerged, with the Uni's stating that ITIL was an important management framework for them, and the TAFEs saying it was of no (or little) value.

A very interesting 'idea' came out of that discussion - and I would like to invite comments - or even outright disagreement (with a supporting argument hopefully)

ITIL is very much structured around the idea that the IT organisation operates as a business within a business. That is it operates as if the rest of the business were it's customers. (In some cases even charging for it's services). The TAFE directors felt that they did not operate this way at all, and did not want to. It was however, a natural was of operating for large Universities.

It was decided that it is that characteristic which establishes whether ITIL is suited or not for a particular organisation. If you are, not a 'business within a business' then ITIL is not really appropriate. There was a lot of experience in that room, and my gut tells me they are right. But I was wondering what others might think.

Think the underlying question is: Does the IT department have to be of a minimum size to be able to successfully implement and / or reap the benefits of implementing ITIL?

IT tends to become a “business within a business” only if it has grown to a certain size. Size as I mean it is not only determined by the number of FTEs, but also strategic importance etc.
IT is probably a business within a business for the universities and not the TAFEs because their IT departments are smaller. The TAFE directors feel that the size of their IT department does not give reason to implement ITIL.

I agree with the TAFE directors in that the implementation of ITIL in most of their cases will probably not result in a positive ROI. However, there might be exceptions. Lets go back to your original question:

Is ITIL appropriate if you are not a business within a business?

I agree with you in that ITIL is probably not appropriate, as explained above I would attribute this to the likely small size of the IT departments. However, I would not discard ITIL for all cases. There might be some TAFEs where the IT department has reached a certain size, but for some reason never became a ”business within a business”.

Here's some feedback from companies I've dealt with in the states. I'll also throw in some experience based on the fact that I've been in or dealt with many companies, ranging from very small to very large.

In a very large company, it seems very natural to break things down by functional roles that provide specific services. In such a case, you have resources that do a very limited number of different things. And, they tend to do those same things, every day, all year long. For example, a Change Control Board manages changes, that's it. In a large company there are so many changes that you can justify having such a group and dedicating resources to it. As a result, most big companies can find a lot of use in ITIL because it, too, breaks things down by functional roles. So, I don't think a big company would argue about its value (at least in certain areas it covers).

As you move down the stack, toward smaller sized companies, you'll find that while the work is the same, there's no option to have roles broken down by multiple people. It's just not affordable for survival. The smaller the company gets the more roles a single person will share. What this means is that the clarity of the roles starts to get foggy. Since there is one person doing many things, he/she doesn't stop to think, "I'm doing change management at this moment" or "I'm doing Incident Management at this other moment", and so on. They just do it all.

However, if you really take what people do in smaller companies, you'll find that they do the same things that are defined in ITIL, just in different ways. For example, if you get a call from the customer and you don't have a formal tool to log it in, you will still go through the process of resolving the issue for them. Isn't this the heart of Incident Management? You will still work to identify and manage defects in your products and services to improve them for your customers. Isn't this the heart of Problem Management? If you have a product you offer, you will still manage changes to code or systems and test them before you distribute them to your customers. Isn't this the heart of Change Management? In short, small companies do the same things, but they don't have the luxury (or the burden, depending on how you view it) to have dedicated head count to a specific role/function. They also can't afford the burden of the overhead that comes with formal management of the roles and the interfaces between them.

An intersting area is the concept of a Change Control Board. Small companies simply can't afford or justify such a concept, if you take it in its literal sense. However, if you ask yourself, "Do small companies have people who review changes before they're implemented and/or rolled out to customers?" The answer is typically "yes". So, in spirit, a small company will still perform the functions of a CCB without all the formalities of a larger group.

Anyhow, to address your original question of can there be value in ITIL for smaller companies? My answer is, "yes", as I believe there's value in everything. Understanding the roles and the terminology is valuable for members of a small company so that they understand the value of each independent piece of work they perform. It's valuable to understand that registering and managing a customer's call is at the heart of Incident Management. It's valuable to understand that when you've looked at a repeating set of customer calls and you've realized you can eliminate them by fixing something in your product that you're in the heart of Problem Management. Also the minute they've rolled out a Help Desk tool to track their calls, they've just implemented a piece of ITIL Incident Management, without knowing it. Again, by deploying a defect tracking tool to manage their defects/issues, they've just implemented a piece of ITIL Problem Management. They may not think of it as having implemented ITIL but, in reality, they have, haven't they? Anyhow, my opinion is that there is always value in "understanding", isn't there?

Well - I have to say that I think your stance is wrong RJP - and that Frank's is right. Having worked within a very large multi-national company and a small local one, I firmly believe that as it is based on Industry best practice everyone, without exception, will benefit from implementing the ITIL processes. Even if you define small as a company with less than 50 people, the processes will make a difference.

I have seen how just implementing part of the processes made the IT service more stable, more responsive and able to shape itself closer to the business needs of the company.

My perspective is that as a service, IT is always customer facing - we do provide a service whether other people see it that way or not, and therefore they are our customers. We respond to requests, complaints and wishes. Just like a business!

Just as an aside - we are smallish - 350 people and our Change Advisory Board is virtual - all done by E-Mail and phonecalls - it works for us.

Very interesting discussion
I think ITIL will work for SMB's you dont have to implement all processes you can only implement 4 core processes and built these wider/bigger.
What do you guys think about ITIL in a 5 man organisation? will it work here too?

I keep this an eye out on this discussion its very interesting.

So what do you folks think about ITIL in SMB's:
Will itil work in SMB's?
Will (implementing) itil (processes) not cost the SMB more money?

It is my opinion that you "can" make ITIL work in a small to medium sized business, as well as in a large one. However, the implementation of ITIL will need to be different. And, I believe there are no formal rules about how you should implement ITIL.

In order for it to work, you will have to omit many of the functions and steps that add organizational overhead, such as reporting, even though these may be valuable to larger companies. Small companies tend not to need to perform elaborate reporting because all the members understand what's going on in all areas, all the time. However, as I mentioned above, it can work if the spirit is followed.

For example, structured and repeatable processes for handling help-desk Incidents, to ensure you have a repeatable Incident Management process. In this case, whether you are small or large, it is always useful to have customer calls logged, assigned unique IDs, ensure that follow-ups are appropriately addressed, etc.

Problem Management will be more of a Defect Tracking and Management function, which most competent developers (software and/or hardware) will typically follow, to help facilitate their list of things to fix in a product.

Any organization, especially small ones that have no real room for error, will always have strict controls in place for moving product across environments. When I say "environments", things usually start in Development, move on to other QA environments, and ultimately into a controlled production environment. In this case, the small company may literally use the Defect records, themsevles, or the logging of changes directly into a Source Code Control System as their mechanism for logging Changes.

Fundamentally, it's all about the roles and functions. For a large company, it is very common to have roles split across multiple resources. In a smaller company, this is not financially possible. It does not mean that the fundamental pieces of the process will change. The processes, themselves, for a smaller company, will simply not be as elaborate and heavy as they will need to be in a larger company. Being large brings organizational scaling issues into play that a small company will not need to deal with. Example: If you're small and all your resources are on one floor of a common building, you can yell through a hallway to ask a question of a peer. If you're large and your peer is in another country, this forces you to use alternate communications methodologies. ITIL will simply require "steps" and "functions" in a larger company that are simply not necessary in a smaller one. It doesn't mean that ITIL won't work for a smaller company. It just means that you can jettison a good deal of the "overhead" baggage.

My personal experiences, based on some of the small companies I've worked with and some of the largest companies in the world that I've worked with, is that hard-core small companies tend to follow processes even more stringently than larger companies do. In smaller companies there is less room for error and time to market is even more critical for them. They don't have time to send a report for something to someone else for review, only to have an answer a day or two later. They may not know it, but they may, possibly, already be following ITIL best practices more successfully than many larger companies.

Guerino1,
"If it helps" Offcourse your story was very much welcome.
(sorry about not claryfying SMB)
As I do a "research" on ITIL in smaller organisations this topic is very handy as your information I thank you for this.

My "research" (will) contain the following items:
-What it ITL (this is a small chapter for non-ITILers)
-What is a small organisation (define small business, how they work etc)
-ITIL and small organisations (how will ITIL fit in a small organisation)
-Conclusion (Will ITIL work for SMB and Will ITIL not cost too much)

I already got very very much information right now, but I want more and more information what other ITILers think about this.

So I want to ask everyone that will read this:
--How will you fit ITIL in a small organisation? (which processes, which functions will you implement/be needed?)
--Do you think ITIL will work for a small organisation (and how)?
--Will (implementing) ITIL cost the smaller organisations too much money?

I hope I can get some answers on there questions from all of you that would be very welcome. I can give you a copy of the research/info I got on this moment if you like.

I agree with most points made here, but I think that ITIL in its strict sense is unsuitable in almost all small business and most medium businesses.

let's not confuse ITIL with IT Service Management. yes structured and repeatable processes, formal ownership of roles etc are all goodness. No they shouldn't usually use ITIL to get these.

We are researching what the equivalent processes look like in Very Small Enterprise. What little research exists certainly indicates it doesn't look much like ITIL.

More generally, ITIL is flavour of the year right now in IT. There needs to be a little more critical thought as to whether ITIL fits each situation.

Moreover, even in larger organisations, business has this obesession with best practice right now. People are irresponsibly burning resources chasing best practice for processes that are not in the value chain of their organisation, not mission critical, for which there is no business case for the investment, no provable ROI (tangible or intangible). ITIL is gold-standard best practice. Doing best practice should be a strategic decision, not the default.

CC, we are currently building Core Practice for Small Business, including ITSM processes, i.e. the equivalent of ITIL for Small Businesses. This is a voluntary initiative, and the results are freely available under GNU license._________________Rob England, Two Hills Ltd

Interesting topic. I work with a large company which IT resources are spread around the globe in small units. So I am finding myself in the interesting situation of implementing ITIL in a large company, but facing the challenges of implementing formal processes in small organizations.

I face this question all the time. I recently had a conversation with someone who supports 35 users and who is the only person in his business unit. What is the motivation for that person to record all incidents in the global Service Desk system? How am I going to sell the idea that maybe he shouldn't make changes to local servers without submitting to a Change process structure and, overall, how do I make the whole thing appealing enough to convince him that this is a good thing for him as well as for the organization?

My feeling is that typically, if you don't have properly defined processes, the overall reliability of your infrastructure will suffer. 24 Incidents per user per year is a reality in many places. 8 is our target at the moment. So you're going to spend a lot of time firefighting and you're going to have unhappy users.

Of course, you're going to tell me that your users are fine because they don't complain and you don't have anywhere near 24 incidents per user per year..... Even better, you have users who help others fix things so you don't deal with "the easy stuff".

... and what can I say to that?

I can't say your users are not fine because we have no survey or measures that gives any sort of indications.
I can't argue about the number of incidents per user per year because it is not measured.
I can't possibly list all the reasons why it is alarming if your users don't call you when they have a problem

........ so my personal answer to the question is this: ITIL is for every company, small or large. It will easily be perceived as "bureaucracy" in small businesses because agility is what small businesses perceive as their biggest strength quite consistently. You need to adapt the framework to fit the organization's culture, and then bend it as you harvest results... it takes time.. but there is no reason why it wouldn't work._________________BR,
Fabien Papleux

BR, be careful of terminology here. Do you mean ITIL is for organisations large and small, or do you really mean ITSM is?

You can reduce incidents, control change and generally have defined repeatable process and shared repositories and not be doing ITIL.

My statement was that ITIL is overkill for many smaller organisations, or even larger ones if they don't have the business case for ITIL.

I don't think that clashes with what you are describing in your business. A large, dispersed organisation with pockets of small-org informality sounds to me like one that is a strong candidate for the rigour and completeness of ITIL, and if you have sound business reasons for getting from 24 incidents per user to 8 then I'd guess there is a solid business case for ITIL too._________________Rob England, Two Hills Ltd

Twohills; really interesting comments. I have been and had a look around your site. It's a very interesting and valid concept - I wish you well with it.
(BTW - please fix up the unreadable 'light blue' text on the site )

Initially I started this thread from an idea about the 'business-within-a-business' model that informs a great deal of the ITIL. Nobody has addressed that directly, but I think it still stands as a critical point. Everybody is talking about ITIL as if it were simply a group of discrete operational processes. (BTW see my neighbouring post - this misconception looks like being addressed in ITIL V3) Twohills comment is right on the money: ITIL is not ITSM. And to a real extent even great processes for technical operations are also not Service Management.

You can put in a very good incident management process, scaled to any sized organisation, that matches the ITIL process in key points - and only be doing better technology management.

The Core of ITIL (Apart from the 'business' model) is also the core of ITSM: To align IT to the Business through the provision of Services (the business capability the technology enables).

My initial feeling, when reflecting on the comments of managers in small scale operations, is that at the low end of the organisational scale there is no gap between technology deployment and business requirements, and that formalisation of IT capabilities into business services might be unwarranted.

This doesn't imply that incident, problem, change management isn't needed at any scale, or that some level of formalisation in their exectution isn't of value.

What I was reflecting on is whether the provision of supporting technology needs to be managed through a formal business to IT relationship, mediated by Service Level Management and its products, the Catalogue, SLAs, performance reports, and etc.

I was, in fact, working from the premise that if your take this core business orientation out of how IT is managed you have most definitely left the ITIL behind - no matter how tight your individual processes are.

So lets not debate the usefulness of change mangement et al, that's a given, and was never my intention is starting this thread. The real question is whether the ITIL framework is a value proposition for small to medium businesses, and why.

The conclusions we came to in Core Practice are that in Very Small Enterprises (say less than 50 or 100 total staff):
- it is still very much the best approach to structure around services: focus on the customer, optimal spending and effort, transparency of costs, accountability...lots of reasons
- however there is no 'tribal effect", no us-and-them, no distinct IT as an entity - no "business within a business"
- so services are provided by the organisation to customers, partners and staff, not by IT to the organisation
- so all disciplines deliver services, not just IT: governance, finance, operations, people (HR), sales ....
- and hence Service is a discipline in its own right, not part of IT
- in fact many processes that ITIL places in IT no longer belong there: e.g. Change is a busines governance process because it is not just IT change. More controvertially, IT Operations is a process within business operations. And even more controvertially Config Management disppears into financial asset management

So my answer to your original question is that where there is no business within a business the concepts of Service Management are still valid; services just originate from the organisation as a whole so a more holistic view of services is required. ITIL (as an instance of that subset of SM known as ITSM) is still valid where there is a business case for the rigour and complexity (and hence effort) of using ITIL. But it will need some transformation to apply to the whole business not just IT. or alternatively it could be used as-is for the IT discipline, and variations used for other disciplines. or ( to get back to my soapbox again) a different or simpler approach may be a better business decision._________________Rob England, Two Hills Ltd

It was decided that it is that characteristic which establishes whether ITIL is suited or not for a particular organisation. If you are, not a 'business within a business' then ITIL is not really appropriate. There was a lot of experience in that room, and my gut tells me they are right. But I was wondering what others might think.

Comments?

Hi rjp

I don't neceserily think that ITIL is always a 'business within business'. Consider the motto of "Continuous Improvement on delivery of Business Needs" or proccesses built in ITIL around Deming cycle. ITIL shapes a framework of proccesses which need to be assessed and improved over time, which is what TAFE execs I think failed to understand. You don't neceserily have to act as a business or charge for IT services in order to have a successful and functional ITIL model in place. ITIL can be considered as a cog in the system which improves delivery of IT Department on The Business Needs of the Organization.